> Only colors from the fringe of the selected area are used to generate a pixelation-like effect. The interior of the selected area is not used as an input at all and hence can not be recovered.
The edges of the pixelated area are used the generate a color palette, and then each pixel is generated by randomly sampling from that pallete's gradient.
To make it more fun for the maths nerds and to keep them guessing, replace the underlying contents with mostly random garbage (probably not full on obvious white noise) and then pixelize that: https://imgur.com/a/CTM4Zlv :)
I remember a protocol which required the text to be replaced with random-length output of a Markov chain text generator, and only then pixelizing.
Oh, you've spent hours on unpixelizing my secrets? Well congratulations, is the last telescope that, nor drink from shrinking nothing out and this and shutting.
Oooh oooh I know, I know! Replace the text with strings of all-caps five-letter groups that look just like oldschool CW encrypted messages, and that'll keep the MXGJD SWLTW UODIB guessing until AMEJX OYKWJ SKYOW LKLLW MYNNE XTWLK!
Or, you do the equivalent of adding a hash, and apply mosaic to it twice, with two slightly different size regions. Or apply both mosaic and swirl in random order. Or put a piece of random text over it before you mosaic it.
The main point here stands -- using something with a fixed algorithm for hashing and a knowable starting text is not secure. But there are a ton of easy fixes to add randomness to make it secure.
Surprised to see my article float up again so many years later.
I wouldn't consider a mosaic + swirl to be fully secure either though, especially considering both of these operations may preserve the sum of all pixels, which may still be enough entropy to dictionary attack a small number of digits.
It's probably the least secure of the ones I mentioned, yes. But even so, it massively increases the search space for a dictionary attack because the attacker doesn't know which algorithm was applied first.
But yes, at the end of the day, the best bet is to just take a mosaic of a random text and place it over the text you're trying to obscure. The reason people use mosaic is because it is more aesthetic than a black box, but there is no reason it has to be a mosaic of the actual text.
Good article - one takeaway is that any redaction process which follows a fixed algorithmic sequence (convolutions, transformation filters, etc) is potentially vulnerable to a dictionary attack.
I see what you mean, but FWIW “fixed” doesn’t sufficiently constrain or describe it. For example, filling a rectangle with black or random pixels is a fixed algorithmic sequence, same might go for in-painting from the background. The redaction output simply should not be a function of the sensitive region’s pixels. The information should be replaced, not modified.
You should be blacking out information, to be sure, but credit card numbers are one of the very few examples where cracking makes sense, given that otherwise you don't know the pattern nor the font. Assuming it's text at all.
Or the common case of redacting a name, address, or other sensitive text in a screenshot of a web page, word doc or PDF. In those, getting the font is very straightforward.
You also don't need to match the whole redacted text at once - depending on the size of the pixels, you can probably do just a few characters at a time.
> Since pixelation does not protect the contents of the pixelated area (see e.g. https://github.com/bishopfox/unredacter), _pseudo-pixelation_ is used:
> Only colors from the fringe of the selected area are used to generate a pixelation-like effect. The interior of the selected area is not used as an input at all and hence can not be recovered.
The edges of the pixelated area are used the generate a color palette, and then each pixel is generated by randomly sampling from that pallete's gradient.
Not serious advice.
Oh, you've spent hours on unpixelizing my secrets? Well congratulations, is the last telescope that, nor drink from shrinking nothing out and this and shutting.
The main point here stands -- using something with a fixed algorithm for hashing and a knowable starting text is not secure. But there are a ton of easy fixes to add randomness to make it secure.
I wouldn't consider a mosaic + swirl to be fully secure either though, especially considering both of these operations may preserve the sum of all pixels, which may still be enough entropy to dictionary attack a small number of digits.
But yes, at the end of the day, the best bet is to just take a mosaic of a random text and place it over the text you're trying to obscure. The reason people use mosaic is because it is more aesthetic than a black box, but there is no reason it has to be a mosaic of the actual text.
https://news.ycombinator.com/item?id=34031568
You also don't need to match the whole redacted text at once - depending on the size of the pixels, you can probably do just a few characters at a time.